I have what I hope is a simple question. We have response logs from different payers. If they are having system issues, they will respond with a “AAA” code. In this case
AAA*Y**42*. How can I filter for these? When I search for
AAA*Y**42* I get responses with AAA or Y or 42.
Sorry for the newbie question
Hi cj039165, the regex command could be useful here, i.e.
sourcetype=your_system_issues_sourcetype | regex "AAA\*Y\*\*42\*"
This will filter all events that match that pattern.
Please let me know if this answers your question!